| Metric | Value | Note |
|---|---|---|
| Total CVEs | 5775 | last 30 days |
| Avg Priority | 34.0 | of max 220 |
| KEV | 6 | actively exploited |
| POC | 807 | public exploits |
| Unpatched | 1588 | CRIT/HIGH without patch |
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

- KEV +50 — CISA Known Exploited Vulnerability: confirmed active exploitation in the wild
- EPSS x100 — Exploit Prediction Scoring System: probability of exploitation in the next 30 days (0-100)
- CVSS x5 — Common Vulnerability Scoring System: technical severity (0-50)
- POC +20 — public exploit code exists, which lowers the barrier for attackers

Bands: 0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical
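The scoring formula above, worked through in code. This is an added example written for this page, not the dashboard's own implementation: the `CveSignals` record, its field names and the `rank()` helper are this example's choices, the band boundaries are assumed to be half-open (exactly 40 is Medium, exactly 120 is Critical, which the page does not state), and the sample CVE IDs are constructed placeholders with invented signal values.

```python
"""Added example: re-implementing the dashboard's Priority Score formula.

Illustrative code for this page, not the dashboard's own implementation.
It follows the weights the page states (KEV +50, EPSS x100, CVSS x5,
POC +20, max 220) and the bands 0-40 Low, 40-80 Medium, 80-120 High,
120+ Critical. Band boundaries are assumed half-open.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CveSignals:
    """Threat signals for one CVE. Record and field names are this example's own."""
    cve_id: str
    cvss: float      # CVSS base score, 0.0-10.0
    epss: float      # EPSS probability, 0.0-1.0
    kev: bool        # listed in CISA KEV
    poc: bool        # public exploit code exists


KEV_WEIGHT = 50
POC_WEIGHT = 20
MAX_SCORE = KEV_WEIGHT + 100 + 50 + POC_WEIGHT   # 220, matching the page's stated maximum


def priority_score(cvss: float, epss: float, kev: bool, poc: bool) -> float:
    """Composite score 0-220 per the page's formula, rounded to 2 decimals.

    Inputs are range-checked: a mis-scaled EPSS (e.g. a percentage instead of a
    probability) would silently inflate the score by up to 100x otherwise.
    """
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS out of range: {cvss}")
    if not 0.0 <= epss <= 1.0:
        raise ValueError(f"EPSS must be a probability in [0, 1]: {epss}")
    score = (KEV_WEIGHT if kev else 0) + epss * 100 + cvss * 5 + (POC_WEIGHT if poc else 0)
    return round(score, 2)


def priority_band(score: float) -> str:
    """Map a score to the page's bands (boundaries assumed half-open)."""
    if score < 40:
        return "Low"
    if score < 80:
        return "Medium"
    if score < 120:
        return "High"
    return "Critical"


def rank(records: list[CveSignals]) -> list[tuple[str, float, str]]:
    """Return (cve_id, score, band) tuples sorted highest priority first."""
    scored = [(r.cve_id, priority_score(r.cvss, r.epss, r.kev, r.poc)) for r in records]
    scored.sort(key=lambda t: t[1], reverse=True)
    return [(cve, s, priority_band(s)) for cve, s in scored]


# Constructed sample input with placeholder IDs; the values are invented to
# exercise each band and are not data for any real CVE.
SAMPLE = [
    CveSignals("CVE-0000-0001", cvss=10.0, epss=0.97, kev=True, poc=True),    # 217.0 Critical
    CveSignals("CVE-0000-0002", cvss=9.8, epss=0.30, kev=False, poc=True),    # 99.0 High
    CveSignals("CVE-0000-0003", cvss=7.8, epss=0.05, kev=False, poc=False),   # 44.0 Medium
    CveSignals("CVE-0000-0004", cvss=5.3, epss=0.001, kev=False, poc=False),  # 26.6 Low
]

if __name__ == "__main__":
    for cve, score, band in rank(SAMPLE):
        print(f"{cve}  {score:6.1f}  {band}")
```

The worked rows show why the dashboard's KEV signal dominates: a KEV entry with public exploit code reaches Critical on those two flags plus a moderate CVSS alone, while a CVSS 9.8 issue with no exploitation evidence lands in High.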
Patch Now — Known Exploited Vulnerabilities

| Priority | CVE | Description |
|---|---|---|
| 124 | CVE-2026-35616 | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an |
| 119 | CVE-2026-5281 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co |
| 117 | CVE-2026-33634 | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi |
| 117 | CVE-2026-33017 | Summary: The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows |
| 117 | CVE-2026-3055 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l |
| 109 | CVE-2026-3502 | TrueConf Client downloads application update code and applies it without performing verification. An |
Priority Distribution

| Priority | CVE | Description |
|---|---|---|
| 39 | CVE-2025-69783 | A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming |
| 39 | CVE-2026-20698 | The issue was addressed with improved memory handling. This issue is fixed in iO |
| 39 | CVE-2026-23350 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/queu |
| 39 | CVE-2026-23406 | In the Linux kernel, the following vulnerability has been resolved: apparmor: f |
| 39 | CVE-2026-33641 | Summary: Glances supports dynamic configuration values in which substrings enc |
| 39 | CVE-2026-23410 | In the Linux kernel, the following vulnerability has been resolved: apparmor: f |
| 39 | CVE-2026-23408 | In the Linux kernel, the following vulnerability has been resolved: apparmor: F |
| 39 | CVE-2026-23271 | In the Linux kernel, the following vulnerability has been resolved: perf: Fix _ |
| 39 | CVE-2026-23407 | In the Linux kernel, the following vulnerability has been resolved: apparmor: f |
| 39 | CVE-2026-23270 | In the Linux kernel, the following vulnerability has been resolved: net/sched: |
| 39 | CVE-2026-23383 | In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: |
| 39 | CVE-2026-23278 | In the Linux kernel, the following vulnerability has been resolved: netfilter: |
| 39 | CVE-2026-22163 | Requires malware code to misuse the DDK kernel module IOCTL interface. Such cod |
| 39 | CVE-2026-23274 | In the Linux kernel, the following vulnerability has been resolved: netfilter: |
| 39 | CVE-2026-23280 | In the Linux kernel, the following vulnerability has been resolved: accel/amdxd |
| 39 | CVE-2026-23272 | In the Linux kernel, the following vulnerability has been resolved: netfilter: |
| 39 | CVE-2026-23554 | The Intel EPT paging code uses an optimization to defer flushing of any cached E |
| 39 | CVE-2026-3308 | An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1. |
| 39 | CVE-2026-23275 | In the Linux kernel, the following vulnerability has been resolved: io_uring: e |
| 39 | CVE-2026-23245 | In the Linux kernel, the following vulnerability has been resolved: net/sched: |
| 39 | CVE-2026-23248 | In the Linux kernel, the following vulnerability has been resolved: perf/core: |
| 39 | CVE-2026-32711 | pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc |
| 39 | CVE-2026-21382 | Memory Corruption when handling power management requests with improperly sized |
| 39 | CVE-2026-21373 | Memory Corruption when accessing an output buffer without validating its size du |
| 39 | CVE-2026-33491 | Zen C is a systems programming language that compiles to human-readable GNU C/C1 |
| 39 | CVE-2026-4295 | Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supp |
| 39 | CVE-2026-21380 | Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memor |
| 39 | CVE-2026-23268 | In the Linux kernel, the following vulnerability has been resolved: apparmor: f |
| 39 | CVE-2026-33156 | ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, Scree |
| 39 | CVE-2026-5054 | NoMachine External Control of File Path Local Privilege Escalation Vulnerability |
| 39 | CVE-2026-21378 | Memory Corruption when accessing an output buffer without validating its size du |
| 39 | CVE-2026-21375 | Memory Corruption when accessing an output buffer without validating its size du |
| 39 | CVE-2026-5055 | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerabil |
| 39 | CVE-2026-33850 | Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2. This issue affec |
| 39 | CVE-2026-33851 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerab |
| 39 | CVE-2026-3775 | The application's update service, when checking for updates, loads certain syste |
| 39 | CVE-2025-66342 | A type confusion vulnerability exists in the EMF functionality of Canva Affinity |
| 39 | CVE-2025-64301 | An out-of-bounds write vulnerability exists in the EMF functionality of Canva Af |
| 39 | CVE-2026-3991 | Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16. |
| 39 | CVE-2026-33847 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerab |
| 39 | CVE-2026-4756 | Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This iss |
| 39 | CVE-2026-24062 | The "Privileged Helper" component of the Arturia Software Center (MacOS) does no |
| 39 | CVE-2026-25203 | Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalat |
| 39 | CVE-2026-30874 | OpenWrt Project is a Linux operating system targeting embedded devices. In versi |
| 39 | CVE-2025-14821 | A flaw was found in libssh. This vulnerability allows local man-in-the-middle at |
| 39 | CVE-2025-47389 | Memory corruption when buffer copy operation fails due to integer overflow durin |
| 39 | CVE-2026-21374 | Memory Corruption when processing auxiliary sensor input/output control commands |
| 39 | CVE-2026-21371 | Memory Corruption when retrieving output buffer with insufficient size validatio |
| 39 | CVE-2025-47390 | Memory corruption while preprocessing IOCTL request in JPEG driver. |
| 39 | CVE-2025-47391 | Memory corruption while processing a frame request from user. |
| 39 | CVE-2026-21376 | Memory Corruption when accessing an output buffer without validating its size du |
| 39 | CVE-2026-21372 | Memory Corruption when sending IOCTL requests with invalid buffer sizes during m |
| 39 | CVE-2026-3888 | Local privilege escalation in snapd on Linux allows local attackers to get root |
| 39 | CVE-2026-5726 | ASDA-Soft Stack-based Buffer Overflow Vulnerability |
| 39 | CVE-2026-1995 | IDrive's id_service.exe process runs with elevated privileges and regularly read |
| 39 | CVE-2026-30232 | Chartbrew is an open-source web application that can connect directly to databas |
| 39 | CVE-2026-34734 | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-fr |
| 39 | CVE-2026-28261 | Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, ver |
| 39 | CVE-2026-33092 | Local privilege escalation due to improper handling of environment variables. Th |
| 39 | CVE-2026-27806 | Summary: The Orbit agent's FileVault disk encryption key rotation flow on col |
| 39 | CVE-2026-32907 | OpenClaw before 2026.2.19 contains a local command injection vulnerability in Wi |
| 39 | CVE-2026-39853 | osslsigncode is a tool that implements Authenticode signing and timestamping. Pr |
| 39 | CVE-2026-40156 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatical |
| 39 | CVE-2026-34172 | Summary: `ChatWorkflow.chat(message)` passes its string argument directly as |
| 39 | CVE-2026-20125 | A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS X |
| 39 | CVE-2026-33935 | MyTube is a self-hosted downloader and player for several video websites. Prior t |
| 39 | CVE-2026-29141 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass |
| 39 | CVE-2026-34200 | Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41 |
| 39 | CVE-2026-5709 | Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio |
| 39 | CVE-2026-2092 | A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAM |
| 39 | CVE-2026-24031 | Dovecot SQL based authentication can be bypassed when auth_username_chars is cle |
| 39 | CVE-2026-4208 | The extension fails to properly reset the generated MFA code after successful au |
| 39 | CVE-2026-33153 | Tandoor Recipes is an application for managing recipes, planning meals, and buil |
| 39 | CVE-2025-15608 | This vulnerability in AX53 v1 results from insufficient input sanitization in th |
| 39 | CVE-2026-23920 | Host and event action script input is validated with a regex (set by the adminis |
| 39 | CVE-2026-34041 | Summary: act unconditionally processes the deprecated `::set-env::` and `::ad |
| 39 | CVE-2025-10685 | Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH s |
| 39 | CVE-2026-33544 | Summary: All three OAuth service implementations (`GenericOAuthService`, `Gi |
| 39 | CVE-2026-33530 | InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, |
| 39 | CVE-2026-34056 | OpenEMR is a free and open source electronic health records and medical practice |
| 39 | CVE-2026-33399 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to |
| 39 | CVE-2026-39361 | OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the |
| 39 | CVE-2026-34746 | Payload is a free and open source headless content management system. Prior to v |
| 39 | CVE-2026-34936 | Summary: `passthrough()` and `apassthrough()` in `praisonai` accept a caller |
| 39 | CVE-2026-35187 | Vulnerability Details: CWE-918, Server-Side Request Forgery (SSRF). The ` |
| 39 | CVE-2026-29925 | Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery |
| 39 | CVE-2026-34163 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's M |
| 39 | CVE-2026-31945 | LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 throug |
| 39 | CVE-2026-33913 | OpenEMR is a free and open source electronic health records and medical practice |
| 39 | CVE-2026-31891 | Impact: This is a SQL Injection vulnerability in the MongoLite Aggregation O |
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 731d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1197d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |